github antrea-io/antrea v0.12.0
Release v0.12.0
on GitHub

latest releases: v1.15.2, v2.0.1, v2.0.0...
3 years ago

Includes all the changes from 0.11.1.

Added

  • Add support for rule-level AppliedTo for Antrea-native policies. (#1396, @Dyanngg)
    • Ability to select different endpoints on which to apply the different rules within the same policy, without having to define multiple policies
    • For a given policy, either the policy-level AppliedTo field must be used, or the rule-level AppliedTo fields
  • Add support for port ranges in the rules of Antrea-native policies. (#1557, @GraysonWu)
  • Introduce the FlowAggregator, an IPFIX mediator implementation to collect, process and export flow records generated by the Antrea Agents. (#1671 #1677, @srikartati @dreamtalen @zyiou)
    • Built using the go-ipfix library
    • Flow records exported by the FlowAggregator are not missing any K8s contextual information (e.g. source / destination Pod names)
    • It is recommended to always deploy the FlowAggregator when using the FlowExporter feature, as opposed to sending records directly from the Agent to a third-party collector
    • Refer to the Flow Exporter documentation for more information
  • Add ability to sort by "effective priority" when listing internal NetworkPolicy resources (computed by the Controller) with antctl: priorities are sorted in the effective order in which they are enforced. (#1530, @Dyanngg)
  • Add support for IPv6 to the FlowExporter implementation in the Agent. (#1677, @lzhecheng @antoninbas @srikartati)
    • Support for IPv6 IPFIX Information Elements in exported flow records
    • Agent can export flows to an IPFIX collector over IPv6
    • However, FlowAggregator is still missing support for IPv6
  • Add support for generating an Antrea manifest which is compatible with K8s 1.15 clusters (by default, Antrea requires K8s >= 1.16). (#1664, @guesslin)
    • This can be done by running the hack/generate-manifest.sh script with the "--k8s-1.15" flag

Changed

  • Update the priority of the default Tiers, to space them out more evenly and to provide more room for user-defined Tiers with higher priority than Emergency. (#1665, @abhiraut)
    • This change will impact users who use custom Tiers - in addition to the default Tiers -, as the relative priorities between tiers may change and impact the order in which Antrea-native policies are enforced
    • Impacted users will need to recreate their custom tiers with updated priority values after upgrading Antrea to restore the enforcement order of their policies
  • Switch to VMware Harbor registry (projects.registry.vmware.com) for all user-facing Docker images, in response to new Docker Hub rate limits. (#1617, @antoninbas @lzhecheng).
    • When applying one of the official Antrea manifests, the Antrea Docker images will be pulled from projects.registry.vmware.com
  • Default to ~/.kube/config as the default location of the Kubeconfig file in the Antrea Octant plugin: this gives a better user experience when running Octant and the plugin as a process (as opposed to running them as a Pod). (#1662, @mengdie-song)
  • Set OVS max revalidator delay to 200 ms (instead of 500ms): this reduces the delay before a learned flow is installed in the OVS datapath and improves the quality of the SessionAffinity implementation in AntreaProxy. (#1584, @antoninbas)
  • Add more load-balancing information for Service traffic (destination Pod name and IP) in the generated Traceflow graph in Octant when applicable. (#1607, @ZhangYW18)
  • Clean up OVS flows in charge of SNAT in Windows Agent implementation. (#1453, @jianjuns) [Windows]
  • Make the OVS flows in charge of L2/L3 forwarding more uniform across different traffic cases. (#1594, @jianjuns)
  • Auto-generate listers and informers for AntreaAgentInfo and AntreaControllerInfo CRDs to facilitate consumption by other projects. (#1612, @liu4480)

Fixed

  • Fix Agent crash when creating an Antrea-native policy with a "drop" action, while the NetworkPolicyStats feature is enabled. (#1606, @ceclinux)
  • Fix Traceflow when Antrea-native policies are created with a "drop" action. (#1602, @gran-vmv @lzhecheng)
  • Fix Agent crash when enabling NetworkPolicyStats and Traceflow feature together and creating an Antrea-native policy with a "drop" action. (#1615, @tnqn)
  • Do not try to remove existing IP addresses from the Antrea OVS bridge on Windows before assigning the correct one, as there may not be any which would cause an error. (#1660, [@ruicao9
    3]) [Windows]
  • When the destination is a Service in a Traceflow request, do not overwrite the default TCP SYN flag (needed for the packet to be processed by AntreaProxy correctly) unless the user explicitly provided a non-zero value. ([#1602](https://
    github.com//pull/1602), @gran-vmv @lzhecheng)
  • Do not decrement the IP TTL field during L3 forwarding if the packet entered the OVS pipeline from the local gateway. (#1436, @wenyingd @dumlutimuralp)
  • Improve handling of transient OVS errors when installing flows for policy rules in the Agent, by ensuring that retries are executed correctly. (#1667, @tnqn)
Check out latest releases or
releases around antrea-io/antrea v0.12.0

Don't miss a new antrea release

NewReleases is sending notifications on new releases.

Get notifications